Findings of a recent Gartner survey claim that users blame themselves for software defects as much as they blame suppliers.
"One of the most surprising things about the survey was the extent to which respondents were willing to allocate liability for software defects on themselves," said Richard Hunter, a Gartner analyst.
About 47% of 172 IT professionals who were surveyed said that user companies should be legally liable for damages caused by flaws such as buffer overflows in the software they develop.
At the same time, about 57% of the respondents said software suppliers should be held legally accountable for flaws in the software they develop.
The numbers show a logical consistency when it comes to allocating blame for bad software, Hunter said. Such sentiments come at a time when companies are facing unabated threats from both internal and external attackers.
The results of an annual survey by the Computer Security Institute and the FBI released last week show that the number of major security incidents companies reported in 2002 was roughly the same as in 2001.
But the average loss reported from such incidents was only $804,000 (£487,420), a decrease from an average of $2m (£1.2m) the year before.
Companies appear to be bracing for more attacks, with 56% in the Gartner survey saying they expect a major politically motivated cyberattack on critical infrastructure in their industries within the next 36 months.
Most said that if such an attack were to occur today, they feel it would result in brief, multiregional disruptions.
The Gartner survey also showed that a majority of respondents think open-source software is about as secure as other software. More than 46% said they think the federal government should use and develop open-source software.
Jaikumar Vijayan writes for Computerworld